W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2011

[whatwg] Enhancement request: change EventSource to allow cross-domain access

From: Per-Erik Brodin <per-erik.brodin@ericsson.com>
Date: Sun, 19 Jun 2011 00:25:57 +0200
Message-ID: <4DFD25F5.6050105@ericsson.com>
On 2011-06-17 21:57, Ian Hickson wrote:
> On Wed, 1 Jun 2011, ilya goberman wrote:
>> Can EventSource be enhanced to support cross-domain requests via
>> "Access-Control-Allow-Origin" header, just like it is already done for
>> XHR? See
>> http://en.wikipedia.org/wiki/XMLHttpRequest#Cross-domain_requests.
> Done.

Great news!
The same-origin check in step 4 under "When the EventSource() 
constructor is invoked .." is still present.

According to the CORS specification, a request is not to be terminated 
even when the resource sharing check fails. However, when using CORS 
with EventSource I think it may be justified since the response is 
typically not returned right away.

The Cache-Control request header used with EventSource is not in the 
list of simple request headers and a preflight request is not really an 
option here in my opinion.

Received on Saturday, 18 June 2011 15:25:57 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:06 UTC